Be­ware! Your Fol­lower on FB Could be a Scam­ster

Fraud­sters ei­ther de­mand money for restor­ing ac­count or take con­trol of page

The Economic Times - - Companies: Pursuit Of Profit - Ari­tra.Sarkhel @times­group.com

Bengaluru: Ru­chita Sit­lani, along with her sis­ter Reeva, had just stepped out of her home in Mum­bai for cof­fee on Au­gust 30 when her phone rang. “This is a call from the cy­ber crime depart­ment. Your In­sta­gram ac­count has been re­ported for abuse by 948 peo­ple and will be deleted in a day’s time. If you don’t want your ac­count to be sus­pended, please link your per­sonal email id to the ac­count in­stead of your of­fi­cial busi­ness ID” the caller said in a brusque voice. The Sit­la­nis run Love At First Sight, an on­line gift shop for women in Mum­bai, which has12,000 fol­low­ers on In­sta­gram and 1,000 on Face­book.

At about the same time, in Vado­dara, Mit­tal Brahmb­hatt, who runs The Closet, a women’s cloth­ing store with 1,800 Face­book fol­low­ers and 31,000-plus on In­sta­gram, got a sim­i­lar call ask­ing her to share the one-time pass­word (OTP) sent to her phone.

Both calls orig­i­nated from the same num­ber and made sim­i­lar threats. “The man claimed to be from the ‘cy­ber­crime cen­tre’ of Mum­bai and asked me to share the OTP for ver­i­fi­ca­tion of our Face­book page with him, threat­en­ing that else our busi­ness pages will be deleted by Face­book and In­sta­gram within 24 hours,” said Brahmb­hatt.

Brahmb­hatt didn’t share any pass­word and cut the call im­me­di­ately. But Sit­lani caved in. “I was shak­ing with fear think­ing it was a call from Face­book. So, in the heat of the mo­ment, I changed the of­fi­cial email ID of my In­sta­gram ac­count to my per­sonal ID. Within half an hour, that per­son changed all the de­tails of our page and changed the num­ber and email at­tached to our page,” she told ET.

Sit­lani is a vic­tim of a scam that in­volves hi­jack­ing the Face­book and In­sta­gram ac­counts of users and de­mand­ing pay­ment for their restora­tion. There are two ways the scam works. One, ev­ery Face­book ac­count is linked to an email ID and phone num­ber. The scam­ster re­quests an OTP by click­ing on the 'for­got pass­word' link. The scam­ster then makes a call to the ac­count owner, pre­tend­ing to be from the “cy­ber­crime cen­tre”, de­mand­ing the OTP be shared. Once the ac­count owner shares the pass­word, the scam­ster uses it to change the email ids and phone num­bers. The page with all the likes, fol­low­ers and con­tent now be­longs to the scam­ster.

Two, the scam­ster calls the vic­tim, threat­ens them to add a per­sonal email id — which can be more eas­ily hacked as com­pared to a busi­ness email ser­vice — to their In­sta­gram and Face­book pages. Af­ter the call, the scam­ster hacks into the per­sonal email ac­count and takes con­trol of their ac­counts. This type of at­tack can be car­ried out by us­ing a large set of words like date of birth, email ad­dress and other de­tails of the per­son on­line to fig­ure out the email pass­word. On­line tools are eas­ily avail­able for th­ese hacks.

Sit­lani reached out to the lo­cal po­lice sta­tion in Mahim on

TRACK­ING CY­BER CRIME

the very day her ac­count was hacked. She reg­is­tered a com­plaint and was asked to go to the cy­ber­crime cen­tre in Ban­dra Kurla Com­plex Road for fur­ther help. Ten days later, there has been no progress in the case, Sit­lani told ET.

She emailed Face­book, but got a re­ply say­ing, “It doesn’t look like we can help you with the prob­lem you are hav­ing from here.” The com­pany also shared a link to their help cen­tre, ac­cord­ing to Sit­lani.

ET wrote to Face­book seek­ing de­tails of any com­plaints it might have re­ceived about such hacks and how it ad­dresses them. “Pro­tect­ing peo­ple’s per­sonal in­for­ma­tion is im­por­tant to us, and that's why se­cu­rity is built into ev­ery Face­book prod­uct and de­sign. Our se­cu­rity sys­tems run in the back­ground mil­lions of times per sec­ond to help catch threats and re­move them be­fore they even reach peo­ple,” said a Face­book spokesper­son in an email re­sponse. “We en­cour­age peo­ple to be cau­tious about shar­ing their per­sonal or ac­count in­for­ma­tion with­out ver­i­fy­ing the iden­tity of the re­quester, and to re­port sus­pi­cious mes­sages us­ing the easy-to-find links across our ser­vice.”

So­cial net­work users are now turn­ing to cy­ber­se­cu­rity firms to help deal with such is­sues. Bar­oda-based Ji­gar Te­war, a soft­ware de­vel­oper, who runs a page called Bar­oda Rocks with 42,000 fol­low­ers on Face­book, said, “I had de­vel­oped this page four years ago and on Au­gust 28, I got a threat­en­ing call ask­ing for cer­tain de­tails. I was afraid and shared the OTP with the caller and he im­me­di­ately hacked into my In­sta­gram and Face­book pages.” Soon, Te­war got a call ask­ing for .₹ 5,000 to get the page back. Te­war reached out to Manan Shah, CEO of cy­ber se­cu­rity firm Avalance Global So­lu­tions, for help. Shah told ET that his team “reached out to peo­ple at Face­book and helped Ji­gar take back own­er­ship” of his Face­book Ac­count.

“Ji­gar’s case is not a one-off. I have got at least four other in­quiries from peo­ple whose Face­book or In­sta­gram ac­counts have been hacked,” said Shah, adding the same per­son has been call­ing up other peo­ple to sell stolen Face­book and In­sta­gram ac­counts with 15,000-plus fol­low­ers and likes. “One like gets sold at .₹ 2 some­times and there are many peo­ple on Face­book and In­sta­gram who will give you 1,000 likes to a mil­lion likes for a cer­tain price. It’s a fish mar­ket for Face­book pages and In­sta­gram ac­counts,” he added.

For Sit­lani, the threat­en­ing calls from the same num­ber con­tin­ued. “He had the au­dac­ity to ask me for .₹ 5,000 for get­ting my page back. I re­fused and he came down to .₹ 1,000,” she said. When ET called the num­ber of the fraud­ster pre­tend­ing to be a po­ten­tial buyer of Face­book pages with a size­able fol­low­ing, he agreed to sell the pages of peo­ple with the sub­stan­tial fol­low­ing at prices vary­ing from .₹ 350 for a fol­low­ing of 1,000 to .₹ 20,000 for a fol­low­ing of 50,000. When asked about his con­nec­tions with the “cy­ber­crime cen­tre”, he re­sponded with the abuses in Hindi. “How does it mat­ter whether I am from cy­ber­crime of any city? I can give 1 mil­lion fol­low­ers on Wed­nes­day. I have many pages with me. Just trans­fer money to my Paytm ac­count,” he said. Ex­perts said a griev­ance of­fi­cer based in In­dia might be able to solve such com­plex cases faster.

THINKSTOCK

Newspapers in English

Newspapers from India

© PressReader. All rights reserved.